<?php

/*
	[SupeSite] (C) 2007-2009 Comsenz Inc.
	$Id: do_lostpasswd.php 13342 2009-09-16 05:43:20Z zhaofei $
*/

// Only reachable through the SupeSite front controller, which defines IN_SUPESITE.
defined('IN_SUPESITE') || exit('Access Denied');
// The SMS code, its timestamp and the per-session anti-automation tokens live in $_SESSION.
session_start();

@include_once(S_ROOT.'./function/register.func.php');
@include_once(S_ROOT.'./class/sms.class.php');
@include_once(S_ROOT.'./class/Easemob.class.php');

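// Dispatch key for the branches below. As in the original, a falsy value
// (absent, '' or '0') selects the SMS lost-password form; !empty() keeps
// that truthiness rule while avoiding the undefined-index notice a bare
// request to this page produced.
$op = !empty($_GET['op']) ? trim($_GET['op']) : '';
// NOTE(review): uc_client is not loaded here; the uc_user_edit()/uc_get_user()
// calls further down rely on the front controller having included it.
$member = array();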

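if(empty($op)) {

    // SMS-verified lost-password form. The registration switch gates this
    // flow in the original as well; that behaviour is kept.
    if(empty($_SCONFIG['allowregister'])) {
        showmessage('not_open_registration');
    }

    if(submitcheck('lostpwsubmit')) {

        // showmessage() is relied on to terminate the request, exactly as the
        // original code relies on it (e.g. the empty-phone check below).
        if(empty($_SCONFIG['noseccode'])) {
            if(!ckseccode($_POST['seccode'])) {
                showmessage('incorrect_code');
            }
        }
        if(empty($_POST['phonenum'])){
            showmessage('电话号码不能为空！');
        }
        // No code was ever issued to this session, or none was submitted.
        if(empty($_POST['mobile_code']) || empty($_SESSION['mobile']) || empty($_SESSION['mobile_code'])){
            showmessage('验证码输入错误！');
        }

        // Check expiry before the value so an expired code gives no oracle.
        // strtotime(date(...,time())) in the original was just time().
        $codeAge = time() - (isset($_SESSION['code_time']) ? (int)$_SESSION['code_time'] : 0);
        if($codeAge > 300){
            $_SESSION['mobile'] = '';
            $_SESSION['mobile_code'] = '';
            $_SESSION['mobile_code_tries'] = 0;
            showmessage('验证码失效，请重新获取！');
        }

        // Strict string comparison: the stored code is an int from the
        // generator while the POSTed value is a string, and the original
        // loose `!=` would accept numeric-looking variants (PHP type
        // juggling). hash_equals() is the better choice where PHP >= 5.6
        // is guaranteed.
        $phoneMatches = ((string)$_POST['phonenum'] === (string)$_SESSION['mobile']);
        $codeMatches  = ((string)$_POST['mobile_code'] === (string)$_SESSION['mobile_code']);
        if(!$phoneMatches || !$codeMatches){
            // A 6-digit code valid for 5 minutes is brute-forceable without a
            // cap. The code is bound to this session (set in the checkcode
            // branch), so a session-scoped counter is sufficient: a fresh
            // session has no code to guess.
            $maxTries = 5;
            $tries = isset($_SESSION['mobile_code_tries']) ? (int)$_SESSION['mobile_code_tries'] + 1 : 1;
            $_SESSION['mobile_code_tries'] = $tries;
            if($tries >= $maxTries){
                $_SESSION['mobile'] = '';
                $_SESSION['mobile_code'] = '';
                $_SESSION['mobile_code_tries'] = 0;
                showmessage('验证码失效，请重新获取！');
            }
            showmessage('验证码输入错误！');
        }

        // Verified: the code is single-use.
        $_SESSION['mobile'] = '';
        $_SESSION['mobile_code'] = '';
        $_SESSION['mobile_code_tries'] = 0;

        // Password and its confirmation must agree.
        if($_POST['password'] != $_POST['password2']) {
            showmessage('password_inconsistency');
        }

        // Legacy rule: reject an empty password and any password that
        // addslashes() would alter (quotes, backslashes, NUL).
        if(!$_POST['password'] || $_POST['password'] != addslashes($_POST['password'])) {
            showmessage('profile_passwd_illegal');
        }
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $password = $_POST['password'];

        // setUser() comes from register.func.php; from its use here it is
        // expected to set the password of the member owning this phone
        // number and return 'success' — confirm against that file.
        $res = setUser($_POST['phonenum'], $password);

        if($res == 'success'){
            // No 'auth' cookie is issued here. The original built one from
            // $setarr, which is never assigned in this file, so it only ever
            // wrote an empty credential; a password reset should land on the
            // login page (below), not log the browser in.
            ssetcookie('loginuser', $username, 31536000);
            showmessage("修改成功",'/login');
        }else{
            showmessage("修改失败",'/do/lostpasswd');
        }

    }

    $register_rule = $_SCONFIG['registerrule'];
    $title = $lang['site_reg'];
    // $refer is not defined in this file; presumably set by the front
    // controller. isset() avoids a notice when it is not.
    $refer = isset($refer) ? rawurldecode($refer) : '';

} elseif($op == "checkphonenum"){
    // Step 1 of the SMS flow: confirm the number belongs to a member.
    // $_SESSION['send_code'] is stored outside this file (at page render,
    // presumably) and acts as a per-session anti-automation token.
    $send_code = isset($_GET['send_code']) ? $_GET['send_code'] : '';
    if(empty($_SESSION['send_code']) or (string)$send_code !== (string)$_SESSION['send_code']){
        showmessage('请求超时，请刷新页面后重试');
    }
    $phonenum = isset($_GET['phonenum']) ? $_GET['phonenum'] : '';

    if(empty($phonenum)) {
        showmessage('电话号码不能为空！');
    }
    if(!check_phonenum($phonenum)) {
        showmessage('不是有效号码！');
    }

    // NOTE(review): the two distinct answers below reveal whether a number is
    // registered (account enumeration). Acceptable only if the send_code
    // gate and upstream rate limiting are relied upon.
    if(check_phonenumexists($phonenum) == 0) {
        showmessage('非用户电话');
    } else {
        showmessage('succeed');
    }

} elseif($op == "checkcode") {
    // Step 2: generate the verification code and send it by SMS. Gated on
    // $_SESSION['code'], which is stored outside this file.
    $r_code = isset($_GET['code']) ? $_GET['code'] : '';
    if(empty($r_code) || empty($_SESSION['code']) || (string)$r_code !== (string)$_SESSION['code']){
        showmessage('验证码错误！');
    }

    $mobile = isset($_GET['phonenum']) ? $_GET['phonenum'] : '';
    // Re-validate the number here instead of trusting that checkphonenum ran
    // first: the original sent an SMS to whatever number the caller named
    // (SMS relay / cost abuse) and then bound $_SESSION['mobile'] to it.
    if(empty($mobile) || !check_phonenum($mobile)) {
        showmessage('不是有效号码！');
    }
    if(check_phonenumexists($mobile) == 0) {
        showmessage('非用户电话');
    }

    // rand() is predictable and unsuitable for an OTP. random_int() is a
    // CSPRNG on PHP >= 7; fall back to mt_rand() only on older runtimes.
    $code = function_exists('random_int') ? random_int(100000, 999999) : mt_rand(100000, 999999);

    $content = "您的验证码为：".$code."(5分钟内有效，感谢您使用美家邦图，请填写完成验证)。【美家邦图】";
    $content = iconv("UTF-8", "GB2312//IGNORE", $content);
    $res = sendSMS($mobile, $content);
    // The gateway returns 100 on success (see sms.class.php); only then is the
    // code bound to this session.
    if(trim($res) == 100){
        $_SESSION['code_time'] = time();
        $_SESSION['mobile'] = $mobile;
        $_SESSION['mobile_code'] = $code;
        $_SESSION['mobile_code_tries'] = 0;
        showmessage('succeed');
    }else{
        showmessage('对不起，验证失败！请检查手机号码是否正确');
    }

} elseif($op == "checkseccode") {
    // AJAX check of the image captcha. When captchas are disabled nothing is
    // emitted and the request falls through to the template, as originally.
    if(empty($_SCONFIG['noseccode'])) {
        if(ckseccode(trim($_GET['seccode']))) {
            showmessage('succeed');
        } else {
            showmessage('incorrect_code');
        }
    }
} elseif (submitcheck('resetpasswd')) {
    // Legacy e-mail based reset through UCenter. $_POST['id'] is the token
    // from the mailed link; checkuser() (defined elsewhere) validates it
    // against members.authstr.
    $_POST['uid'] = intval($_POST['uid']);
    $_POST['id'] = trim($_POST['id']);
    $_POST['email'] = trim($_POST['email']);
    $_POST['newpasswd'] = trim($_POST['newpasswd']);
    $_POST['newpasswd_check'] = trim($_POST['newpasswd_check']);
    if ($_POST['newpasswd'] != $_POST['newpasswd_check']) {
        showmessage('password_inconsistency', geturl('action/login'));
    }
    // The original accepted an empty new password.
    if ($_POST['newpasswd'] === '') {
        showmessage('profile_passwd_illegal', geturl('action/login'));
    }

    // uid is intval()'d above, so the interpolation is safe. `flag` is added
    // to the SELECT: the original read $member['flag'] without selecting it,
    // so the protected-user guard below never fired.
    $query = $_SGLOBAL['db']->query("SELECT uid, username, authstr, groupid, flag FROM ".tname('members')." WHERE uid='$_POST[uid]'");
    $member = $_SGLOBAL['db']->fetch_array($query);
    if (empty($member)) {
        showmessage('user_does_not_exist', geturl('action/login'));
    }
    // Administrators with site-settings rights and protected users may not
    // recover their password this way.
    if (($member['groupid'] == 1 && checkperm('managesettings', $member['groupid'])) || $member['flag']) {
        showmessage('getpasswd_account_invalid', geturl('action/login'));
    }

    checkuser($_POST['id'], $member['authstr']);
    uc_user_edit(addslashes($member['username']), $_POST['newpasswd'], $_POST['newpasswd'], $_POST['email'], 1);
    // Invalidate the reset token once used.
    updatetable('members', array('authstr'=>''), array('uid'=>$_POST['uid']));
    showmessage('getpasswd_succeed', geturl('action/login'));
}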
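// Landing page of the mailed reset link (?op=reset&uid=..&id=..). Reached
// only when no branch above terminated the request.
$_GET['op'] = isset($_GET['op']) ? trim($_GET['op']) : '';
if ($_GET['op'] == 'reset') {
    // intval() makes the interpolated uid safe; id is the mailed token.
    $_GET['uid'] = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    $_GET['id'] = isset($_GET['id']) ? trim($_GET['id']) : '';
    $query = $_SGLOBAL['db']->query("SELECT uid, username, authstr FROM ".tname('members')." WHERE uid='$_GET[uid]'");
    $member = $_SGLOBAL['db']->fetch_array($query);

    if (empty($member)) {
        showmessage('user_does_not_exist', geturl('action/login'));
    }
    // Not used in this file; presumably consumed by the template below.
    $user = uc_get_user($member['username']);
    // checkuser() (defined elsewhere) validates the token against authstr
    // and is relied on to stop the request when it does not match.
    checkuser($_GET['id'], $member['authstr']);
}

include template('site_lostpasswd');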


?>